however, I have no clue if this is correct or not. [[User:Doru001|Doru001]] ([[User talk:Doru001|talk]]) 17:28, 27 January 2013 (UTC)

That's the way to do it. Consider adding "ip6tables.service" for IPv6 connections if it's required. A much cleaner and safer solution would be to have the actual iptables services start before any kind of network is available. This needs a "Before=sysinit.target" (and possibly more) listed in the Unit sections. If you could test it, I'm sure the iptables packager would be happy to hear from you at [https://bugs.archlinux.org/task/33478 Bug #33478]. --[[User:Gilrain|Gilrain]] ([[User talk:Gilrain|talk]]) 16:39, 8 February 2013 (UTC)

Is that correct?

"Chains are used to specify rulesets. A packet begins at the top of a chain and progresses downwards until it hits a rule. There are three built-in chains: INPUT, OUTPUT and FORWARD. All outbound traffic passes through the forward chain, and all inbound traffic passes through the FORWARD chain. The three built-in chains have default targets which are used if no rules are hit. User-defined chains can be added to make rulesets more efficient."
Is the bold marked text really correct? If yes: shouldn't we explain what output/input chains do?
--Evilandi666 11:57, 17 July 2011 (EDT)

“PREROUTING”: Packets will enter this chain before a routing decision is made.
“INPUT”: Packet is going to be locally delivered. (N.B.: It does not have anything to do with processes having a socket open. Local delivery is controlled by the “local-delivery” routing table: `ip route show table local`.)
“FORWARD”: All packets that have been routed and were not for local delivery will traverse this chain.
“OUTPUT”: Packets sent from the machine itself will be visiting this chain.
“POSTROUTING”: Routing decision has been made. Packets enter this chain just before handing them off to the hardware.

In the Italian page I changed this, but I didn't mention the POSTROUTING and PREROUTING chains. I think this guide needs to be updated. -- Maveloth 14:04, 30 September 2011 (EDT)

Fixed double FORWARD problem and added an Expansion template because I think POSTROUTING and PREROUTING have something to do with NAT operations, but I don't have sufficient knowledge to expand the article by myself. Probably the whole Iptables#Basic_concepts section should be expanded and made clearer. -- Kynikos 17:26, 7 October 2011 (EDT)
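
The traversal order listed in this thread, as an added example that is not part of the original discussion or the wiki article: a small Python model of which built-in chains a packet visits and how the first matching rule or the chain policy decides its fate. The names `chains_for`, `verdict`, `LOCAL_ADDRS` and `RULESET` are hypothetical, the addresses are constructed documentation-range values, and the model covers only ACCEPT and DROP (tables and the loopback re-entry of locally generated packets are left out).

```python
import ipaddress

# Constructed sample: addresses this host owns (what "ip route show table local" would list).
LOCAL_ADDRS = {ipaddress.ip_address("192.0.2.1"), ipaddress.ip_address("127.0.0.1")}

def chains_for(packet):
    """Return the built-in chains a packet visits, in order."""
    if packet["origin"] == "local":                  # sent by the machine itself
        return ["OUTPUT", "POSTROUTING"]
    if ipaddress.ip_address(packet["dst"]) in LOCAL_ADDRS:
        return ["PREROUTING", "INPUT"]               # routed to local delivery
    return ["PREROUTING", "FORWARD", "POSTROUTING"]  # routed through the box

def verdict(packet, ruleset):
    """Walk each chain top-down: the first matching rule decides, else the policy."""
    for chain in chains_for(packet):
        policy, rules = ruleset.get(chain, ("ACCEPT", []))
        target = next((t for match, t in rules if match(packet)), policy)
        if target == "DROP":
            return "DROP", chain                     # packet stops here
    return "ACCEPT", None                            # accepted by every chain visited

# Constructed ruleset: INPUT drops by default but allows SSH; FORWARD is left open.
RULESET = {
    "INPUT": ("DROP", [(lambda p: p["proto"] == "tcp" and p["dport"] == 22, "ACCEPT")]),
    "FORWARD": ("ACCEPT", []),
}

# Constructed sample packets.
SSH_IN = {"origin": "net", "dst": "192.0.2.1", "proto": "tcp", "dport": 22}
TELNET_IN = {"origin": "net", "dst": "192.0.2.1", "proto": "tcp", "dport": 23}
FORWARDED = {"origin": "net", "dst": "198.51.100.7", "proto": "tcp", "dport": 23}
LOCAL_OUT = {"origin": "local", "dst": "203.0.113.5", "proto": "tcp", "dport": 443}

if __name__ == "__main__":
    for name, pkt in [("ssh-in", SSH_IN), ("telnet-in", TELNET_IN),
                      ("forwarded", FORWARDED), ("local-out", LOCAL_OUT)]:
        print(name, chains_for(pkt), verdict(pkt, RULESET))
```

The forwarded packet is accepted even though INPUT defaults to DROP, because INPUT is never consulted for traffic that is routed through the machine; a router or NAT host needs its own FORWARD policy.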

Merge

It seems to me that Iptables and Simple stateful firewall HOWTO should be merged into a single document named iptables. Ideally, various pages could point to the iptables page for configuration options. These include router instructions, etc. Of course, I volunteer to do all the work. --Arcanazar 14:58, 30 July 2009 (EDT)

I agree on the merge, the link provided has much more in depth. In short this page should point there or vice versa.--Prometheanfire 15:05, 30 July 2009 (EDT)

I guess it just depends on whether or not we want to classify the page as a class (Stateful Firewall) or a program (IPTABLES). This is honestly the first time I have edited a wiki except for grammatical errors, so I do not know the proper procedure.--Prometheanfire 16:24, 30 July 2009 (EDT)

There really is no proper procedure. Basically, the best page is whatever is going to be the most useful. Since (IMHO), more people will search for "iptables" than "Stateful Firewall", iptables is the better name. --Arcanazar 16:31, 30 July 2009 (EDT)

The subject of iptables, and firewalling, is not that simple. Even now both pages lack clarity to the layperson, and so neither is complete. Understanding iptables requires an understanding of networking in general. So slimming it down in a wiki article is folly. Instead, each article needs to be refined with proper references (and diagrams if possible) before any potential merger can or should be considered. T1nk3r3r (talk) 23:45, 17 January 2013 (UTC)

NAT Firewall

This is a combination of laziness and the like; this is an old setup that I have since moved from this config to a hardware firewall. This setup is of a natting firewall with a few port forwards.